How Phishing Emails Are Spreading Sophisticated Malware

A new phishing email campaign spotted by the FBI and CISA delivers TrickBot, one of the most prevalent and potent malware families in circulation. The two agencies issued a joint advisory warning organizations about the campaign and how to limit its spread.

TrickBot began as a banking Trojan and has been updated steadily since, growing more capable with each version. The tooling cybercriminals build around it can infect a victim's system and deliver further payloads, including ransomware.

How Has This Malware Evolved?


The developers behind this campaign are using new, updated techniques to get the malware directly onto victims' systems. The phishing emails claim to contain evidence of a traffic violation; recipients alarmed by the accusation open the message and try to verify the claim.

The link in the email sends the user to a website hosted on a server the attackers have compromised, which tells the victim to click on a photo to see the proof. When the user clicks the image, a JavaScript file is downloaded and, once run, connects to a command-and-control server that downloads TrickBot onto the system.

TrickBot then opens a backdoor on the Windows machine, letting the operators steal sensitive data, including login credentials, and deploy further TrickBot components capable of spreading the infection across the whole network.
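As an added illustration of the infection chain just described (this is not code from the advisory or from the article), the following Python script correlates two constructed telemetry sources: a web-proxy record of a JavaScript file being downloaded from an external site, and an endpoint record of the Windows script host (wscript.exe or cscript.exe) opening an outbound connection from the same machine shortly afterwards. That pairing is what the chain above produces on a host: the lure page serves a .js file, the script host runs it, and the script reaches out to the C2. Hostnames, IP addresses, URLs and the log format are invented for the example; the ten-minute correlation window is an assumed tuning value.

```python
"""
Correlate a JavaScript download seen at the web proxy with a follow-on
outbound connection from the Windows script host on the same machine.

Input is a merged timeline of constructed events, one per line:
    timestamp|host|source|detail
where source is "proxy" (web proxy access log) or "edr" (endpoint
process/network telemetry).  Field layout and all values are invented
for this example; adapt the two regexes to your real log formats.
"""
import re
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry).
# WS-0042: .js download followed 38 s later by wscript.exe calling out -> alert.
# WS-0077: normal browsing, browser connection only               -> no alert.
# WS-0101: .js download, script host connects 87 min later        -> outside window.
SAMPLE_EVENTS = """\
2021-03-15T09:12:03|WS-0042|proxy|GET http://violation-proof.example/proof.jpg.js 200 application/x-javascript
2021-03-15T09:12:41|WS-0042|edr|wscript.exe -> 198.51.100.23:443 outbound
2021-03-15T09:15:10|WS-0077|proxy|GET http://intranet.corp.example/news.html 200 text/html
2021-03-15T09:16:00|WS-0077|edr|chrome.exe -> 203.0.113.5:443 outbound
2021-03-15T10:02:55|WS-0101|proxy|GET http://violation-proof.example/evidence.js 200 application/x-javascript
2021-03-15T11:30:00|WS-0101|edr|wscript.exe -> 198.51.100.23:443 outbound
"""

# Proxy detail: "GET <url> <status> <content-type>"
JS_DOWNLOAD = re.compile(r"GET (?P<url>\S+) (?P<status>\d{3}) (?P<ctype>\S+)")
# EDR detail: "<process> -> <ip:port> outbound", restricted to the script hosts
SCRIPT_HOST = re.compile(r"(?P<proc>wscript\.exe|cscript\.exe) -> (?P<dst>\S+) outbound")


def parse_events(text):
    """Parse the pipe-delimited timeline into dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, source, detail = line.split("|", 3)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "source": source, "detail": detail})
    events.sort(key=lambda e: e["ts"])
    return events


def js_download_url(detail):
    """Return the URL if the proxy line is a successful JavaScript download, else None."""
    m = JS_DOWNLOAD.match(detail)
    if not m or m.group("status") != "200":
        return None
    url, ctype = m.group("url"), m.group("ctype").lower()
    # Match on the extension or the served content type; lure pages often
    # use a double extension (proof.jpg.js) so the file looks like an image.
    if url.lower().endswith(".js") or "javascript" in ctype:
        return url
    return None


def correlate(events, window=timedelta(minutes=10)):
    """Emit one alert per script-host connection that follows a .js download
    on the same host within `window` (assumed value; tune to your environment)."""
    recent_js = {}  # host -> list of (download time, url)
    alerts = []
    for e in events:
        if e["source"] == "proxy":
            url = js_download_url(e["detail"])
            if url:
                recent_js.setdefault(e["host"], []).append((e["ts"], url))
        elif e["source"] == "edr":
            m = SCRIPT_HOST.search(e["detail"])
            if not m:
                continue
            for dl_ts, url in recent_js.get(e["host"], []):
                delta = e["ts"] - dl_ts
                if timedelta(0) <= delta <= window:
                    alerts.append({"host": e["host"], "js_url": url,
                                   "process": m.group("proc"), "dst": m.group("dst"),
                                   "delta_seconds": int(delta.total_seconds())})
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {a['host']}: {a['process']} -> {a['dst']} "
              f"{a['delta_seconds']}s after downloading {a['js_url']}")
```

Run against the sample, only WS-0042 is flagged: the browser-only host never matches, and WS-0101's connection falls outside the window. In practice the window is the main knob; a too-short window misses scripts that wait before calling out, and a too-long one raises noise on hosts where legitimate logon scripts use wscript.exe.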

The updated version is modular and fully customizable, and it serves as a first stage for follow-on attacks such as Conti and Ryuk ransomware. Its operators have also used compromised machines for cryptomining.

Several security companies took action against TrickBot in October, but the malware did not stay quiet for long: it was updated and quickly resumed its operations.

According to security researchers, several organizations have taken steps to take down or disable this malware, which has been active for years. It is backed by a robust infrastructure and has many capabilities.

The experts also note that it is very difficult to eliminate this malware; doing so would require a coordinated international law enforcement effort of the kind seen against Emotet.

The malware continues to grow from week to week and is updated almost daily without interruption. It has become one of the most powerful tools available to criminals targeting enterprises and organizations of all sizes.

CISA and the FBI have therefore published measures that can protect an organization's network from this malware.

Summing Up

CISA advises organizations to make their employees aware of these phishing and social engineering attacks. Organizations should also build a proper cybersecurity program with a formalized patch-management process that fixes known vulnerabilities present in the network.

The FBI also recommends that organizations use multi-factor authentication across the entire enterprise, so that credentials stolen by the malware or intercepted on the network are not enough on their own to gain access.
